Emerging trends such as FedRAMP, community clouds, and single-source contracts point to the start of phase two for cloud computing in federal government.
Secret Spy Satellite Takes Off: Stunning Images
(click image for larger view and for slideshow)
Federal agencies are moving beyond their phase one cloud computing initiatives. They're testing and revising different cloud models, types of contracts, and security approaches, among other standard practices.
The Office of Management and Budget lit a fire under federal agencies and departments 18 months ago with its "cloud first" policy. With fed organizations already forced to close hundreds of data centers under the Federal Data Center Consolidation Initiative, they had little choice.
Much has happened in the past few weeks that points to the 2.0 phase of federal clouds. Following are 10 recent developments with long-term implications.
1. FedRAMP, a federal program to certify cloud security, opened for business. Agencies can now piggyback on the work done by other agencies to ensure that cloud services comply with more than two dozen laws, regulations, and standards that apply to them, including the all-important Federal Information Security Management Act.
2. Agencies have begun pursuing single-source, no-bid cloud contacts. For example, the Naval Supply Systems Command plans to use Amazon Web Services to store and distribute digital photography and video because, it says, Amazon provides the required capabilities in a single, integrated package that's more reliable and less vulnerable to attack than other cloud services. In a notice on its plan, the Navy says Amazon is "the only known source" to meet its requirements.
3. Agencies are using the cloud to secure the cloud. Security, of course, is the No. 1 concern about cloud computing, so it's remarkable that agencies are defying conventional wisdom in this way. The Naval War College plans to award a contract (a single-source contract, in fact) to Cloudlock, a software-as-a-service vendor, to secure its implementation of Google Drive, Docs, and other apps.
[ The feds want to shift 25% of the government's $80 billion in annual IT spending to cloud computing. Read how they plan to do it in Cloud Computing's Tipping Point. ]
4. Enterprise-wide "foundation" cloud services are emerging. The Department of Interior this month issued an RFP that goes well beyond the email-as-a-service RFPs that have been the cloud entry point for many agencies. Interior is shopping for storage, secure file transfer, virtual machines, database and Web hosting, a development and test environment, and SAP application hosting--all from the cloud.
5. Intelligence agencies plan to begin tapping into the public cloud. Speaking at InformationWeek's Government IT Leadership Forum in May, Al Tarasiuk, the CIO of the U.S. Intelligence Community, said the IC has developed "an architecture where we're going to bring some commercial cloud capabilities inside our fence lines." This is notable for two reasons--first, that intelligence agencies have reached a level of trust in the public cloud, and second, that IT architecture is enabling yet another way to tap into the cloud.
6. The cloud is promising leap-ahead IT capabilities to agencies that are far behind the pack. The Department of Labor's email system, used by 22,000 employees, is Microsoft Exchange 2003. The agency is looking to the cloud to bring it into the modern age, not just for email, but also for collaboration services, archiving, e-discovery, and single sign-on, while supporting a wider variety of mobile devices.
7. The community cloud, once a concept, is becoming a reality. A year ago, Los Alamos National Lab began offering infrastructure-as-a-service from its data center. Building on that work, the lab has teamed with the National Nuclear Security Administration to develop a community cloud that will be more widely available within the Department of Energy. That service model is made possible by an internally developed cloud services broker, and plans call for tying in commercial cloud services, which would create one of government's first hybrid, community clouds.
8. The cloud is saving energy. In theory, cloud services are more efficient than do-it-yourself data centers, and a new report from Google on the General Services Administration's use of Google Apps provides some proof of that. According to Google, GSA's per-user energy consumption dropped 89%, from 175 kWh/user to 20 kWh/user. That's largely explained by the fact that the number of email servers operated by GSA dropped 82%, from 324 to 61. Of course, that consolidation is a benefit in its own right.
9. NASA stopped contributing to the development of OpenStack, the open source cloud project, and began using Amazon Web Services. This development is surprising given NASA's early involvement in OpenStack, which is partly based on NASA's Nebula cloud code. Sensing a business opportunity, two former NASA technologists launched competing cloud startups based on OpenStack. We can only hope that NASA finds another way to capitalize on its own innovation.
10. The National Institute of Standards and Technology has released a guide to cloud computing. The 81-page guide provides an overview of clouds models (private, public, hybrid, community); discusses the benefits of and concerns about software-as-a-service, infrastructure-as-a-service, and platform-as-a-service; and offers advice on management, governance, and security. NIST says the guide is written in "plain language" for CIOs and other IT execs. That alone makes NIST's publication an important new development.
The Office of Management and Budget demands that federal agencies tap into a more efficient IT delivery model. The new Shared Services Mandate issue of InformationWeek Government explains how they're doing it. Also in this issue: Uncle Sam should develop an IT savings dashboard that shows the returns on its multibillion-dollar IT investment. (Free registration required.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.